Newfoundland and Labrador officials said Wednesday they had uncovered more data theft stemming from a cyberattack last October against the province’s health care networks, and the latest breach may involve “thousands” of people.
More than 200,000 files on a network drive were stolen by the attackers, David Diamond, head of the province’s largest health authority, told reporters in St. John’s. The latest breach, he said, was discovered on Feb. 25 and officials are still working to determine how many people are involved and what information was taken.
Personal health information, including medical diagnoses, health care numbers and procedures ordered for patients, may be among the stolen data, he said. Employment information may also have been stolen, but there was no indication that Social Insurance numbers were taken, Diamond added.
“As you can imagine, with 200,000 files, there are literally millions of data points,” said Diamond, chairman of the Eastern Regional Health Authority. “There is a lot of manual work before we can put a final figure, but we expect the number to be significant; it could be thousands of people between staff and patients.”
Officials announced multiple privacy breaches and data theft stemming from last October’s attack, which some experts say was the worst cyberattack in Canadian history. The attack destroyed much of the province’s healthcare computer networks, forcing the cancellation of thousands of appointments and shutting down services like diagnostic imaging and cancer care. In some hospitals, nurses and doctors have reverted to a paper-and-pencil system for tracking patients.
Diamond said computer systems had to be rebuilt “from scratch.” He could not say on Wednesday if that reconstruction was complete, but he noted that health care operations were now running “about 100%.”
Health officials refuse to disclose the type of attack that hit the health system, although cybersecurity experts have said it bears all the hallmarks of a ransomware attack, in which hackers demand payment in exchange for stolen data or a key to decrypt compromised networks.
Joining Diamond for Wednesday’s press conference, Health Minister John Haggie maintained that silence, declining to say whether a ransom had been demanded or paid, or whether the province knew who was behind the attack and what motivated them.
When asked if any weaknesses in the systems had been discovered that could have led to the attack, Haggie said officials had “identified things that we are rectifying.” He acknowledged that his opaque response was unsatisfactory.
“We have been advised by our security advisors that giving details of the incident beyond a certain point would be unwise and could compromise our future ability to provide services,” he explained.
When asked when that information might be made available, Haggie mentioned several ongoing investigations into the cyberattack, including an investigation by the province’s privacy commissioner.
“These will, in the fullness of time, each present a public report on their facet of this incident,” Haggie said. “In terms of operational security, there are considerations that would prevent certain information from being released now and in the future.”